aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--lib/crypto/src/crypto.erl17
-rw-r--r--lib/crypto/test/crypto_SUITE.erl13
-rw-r--r--lib/public_key/src/public_key.erl29
-rw-r--r--lib/ssl/src/ssl_handshake.erl16
-rw-r--r--lib/ssl/test/erl_make_certs.erl2
5 files changed, 36 insertions, 41 deletions
diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl
index 43ea1d48fd..f87644b3fe 100644
--- a/lib/crypto/src/crypto.erl
+++ b/lib/crypto/src/crypto.erl
@@ -855,8 +855,8 @@ verify(rsa, Type, DataOrDigest, Signature, Key) ->
notsup -> erlang:error(notsup);
Bool -> Bool
end;
-verify(ecdsa, Type, DataOrDigest, Signature, Key) ->
- case ecdsa_verify_nif(Type, DataOrDigest, Signature, term_to_ec_key(Key)) of
+verify(ecdsa, Type, DataOrDigest, Signature, [Key, Curve]) ->
+ case ecdsa_verify_nif(Type, DataOrDigest, Signature, term_to_ec_key({Curve, undefined, Key})) of
notsup -> erlang:error(notsup);
Bool -> Bool
end.
@@ -901,6 +901,11 @@ map_ensure_int_as_bin([H|_]=List) when is_integer(H) ->
map_ensure_int_as_bin(List) ->
List.
+ensure_int_as_bin(Int) when is_integer(Int) ->
+ int_to_bin(Int);
+ensure_int_as_bin(Bin) ->
+ Bin.
+
map_to_norm_bin([H|_]=List) when is_integer(H) ->
lists:map(fun(E) -> int_to_bin(E) end, List);
map_to_norm_bin(List) ->
@@ -917,8 +922,8 @@ sign(dss, Type, DataOrDigest, Key) ->
error -> erlang:error(badkey, [DataOrDigest, Key]);
Sign -> Sign
end;
-sign(ecdsa, Type, DataOrDigest, Key) ->
- case ecdsa_sign_nif(Type, DataOrDigest, term_to_ec_key(Key)) of
+sign(ecdsa, Type, DataOrDigest, [Key, Curve]) ->
+ case ecdsa_sign_nif(Type, DataOrDigest, term_to_ec_key({Curve, Key, undefined})) of
error -> erlang:error(badkey, [Type,DataOrDigest,Key]);
Sign -> Sign
end.
@@ -1228,9 +1233,9 @@ term_to_nif_prime({prime_field, Prime}) ->
term_to_nif_prime(PrimeField) ->
PrimeField.
term_to_nif_curve({A, B, Seed}) ->
- {int_to_bin(A), int_to_bin(B), Seed}.
+ {ensure_int_as_bin(A), ensure_int_as_bin(B), Seed}.
term_to_nif_curve_parameters({PrimeField, Curve, BasePoint, Order, CoFactor}) ->
- {term_to_nif_prime(PrimeField), term_to_nif_curve(Curve), BasePoint, int_to_bin(Order), int_to_bin(CoFactor)};
+ {term_to_nif_prime(PrimeField), term_to_nif_curve(Curve), ensure_int_as_bin(BasePoint), int_to_bin(Order), int_to_bin(CoFactor)};
term_to_nif_curve_parameters(Curve) when is_atom(Curve) ->
%% named curve
Curve.
diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl
index 473609778c..3ebe10866c 100644
--- a/lib/crypto/test/crypto_SUITE.erl
+++ b/lib/crypto/test/crypto_SUITE.erl
@@ -1892,8 +1892,8 @@ ec(Config) when is_list(Config) ->
ec_do() ->
%% test for a name curve
{D2_priv, D2_pub} = crypto:generate_key(ecdh, sect113r2),
- D2 = {sect113r2, D2_priv, D2_pub},
-
+ PrivECDH = [D2_priv, sect113r2],
+ PubECDH = [D2_pub, sect113r2],
%%TODO: find a published test case for a EC key
%% test for a full specified curve and public key,
@@ -1932,14 +1932,11 @@ ec_do() ->
16#f7, 16#90, 16#1e, 16#0e, 16#82, 16#97, 16#48, 16#56, 16#a7>>,
CoFactor = 1,
Curve = {{prime_field,P},{A,B,none},BasePoint, Order,CoFactor},
- CsCaKey = {Curve, undefined, PubKey},
- %%T3 = crypto:term_to_ec_key(CsCaKey),
- %%?line CsCaKey = crypto:ec_key_to_term(T3),
Msg = <<99,234,6,64,190,237,201,99,80,248,58,40,70,45,149,218,5,246,242,63>>,
- Sign = crypto:sign(ecdsa, sha, Msg, D2),
- ?line true = crypto:verify(ecdsa, sha, Msg, Sign, D2),
- ?line false = crypto:verify(ecdsa, sha, Msg, <<10,20>>, D2),
+ Sign = crypto:sign(ecdsa, sha, Msg, PrivECDH),
+ ?line true = crypto:verify(ecdsa, sha, Msg, Sign, PubECDH),
+ ?line false = crypto:verify(ecdsa, sha, Msg, <<10,20>>, PubECDH),
ok.
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index 3497018a88..a8fe9213ea 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -326,7 +326,9 @@ encrypt_private(PlainText,
crypto:rsa_private_encrypt(PlainText, format_rsa_private_key(Key), Padding).
%%--------------------------------------------------------------------
--spec generate_key(#'DHParameter'{} | {namedCurve, Name ::atom()} | #'OTPECParameters'{}) -> {Public::binary(), Private::binary()}.
+-spec generate_key(#'DHParameter'{} | {namedCurve, Name ::atom()} |
+ #'OTPECParameters'{}) -> {Public::binary(), Private::binary()} |
+ #'ECPrivateKey'{}.
%% Description: Generates a new keypair
%%--------------------------------------------------------------------
generate_key(#'DHParameter'{prime = P, base = G}) ->
@@ -396,9 +398,10 @@ sign(DigestOrPlainText, DigestType, Key = #'RSAPrivateKey'{}) ->
sign(DigestOrPlainText, sha, #'DSAPrivateKey'{p = P, q = Q, g = G, x = X}) ->
crypto:sign(dss, sha, DigestOrPlainText, [P, Q, G, X]);
-sign(DigestOrPlainText, DigestType, Key = #'ECPrivateKey'{}) ->
- ECDHKey = format_ecdh_key(Key),
- crypto:sign(ecdsa, DigestType, DigestOrPlainText, ECDHKey);
+sign(DigestOrPlainText, DigestType, #'ECPrivateKey'{privateKey = PrivKey,
+ parameters = Param}) ->
+ ECCurve = ec_curve_spec(Param),
+ crypto:sign(ecdsa, DigestType, DigestOrPlainText, [list2int(PrivKey), ECCurve]);
%% Backwards compatible
sign(Digest, none, #'DSAPrivateKey'{} = Key) ->
@@ -415,9 +418,9 @@ verify(DigestOrPlainText, DigestType, Signature,
crypto:verify(rsa, DigestType, DigestOrPlainText, Signature,
[Exp, Mod]);
-verify(DigestOrPlaintext, DigestType, Signature, Key = {#'ECPoint'{}, _}) ->
- ECDHKey = format_ecdh_key(Key),
- crypto:verify(ecdsa, DigestType, DigestOrPlaintext, Signature, ECDHKey);
+verify(DigestOrPlaintext, DigestType, Signature, {#'ECPoint'{point = Point}, Param}) ->
+ ECCurve = ec_curve_spec(Param),
+ crypto:verify(ecdsa, DigestType, DigestOrPlaintext, Signature, [Point, ECCurve]);
%% Backwards compatibility
verify(Digest, none, Signature, {_, #'Dss-Parms'{}} = Key ) ->
@@ -868,20 +871,10 @@ ec_generate_key(Params) ->
Term = crypto:generate_key(ecdh, Curve),
ec_key(Term, Params).
-format_ecdh_key(#'ECPrivateKey'{privateKey = PrivKey,
- parameters = Param,
- publicKey = _}) ->
- ECCurve = ec_curve_spec(Param),
- {ECCurve, list2int(PrivKey), undefined};
-
-format_ecdh_key({#'ECPoint'{point = Point}, Param}) ->
- ECCurve = ec_curve_spec(Param),
- {ECCurve, undefined, Point}.
-
ec_curve_spec( #'OTPECParameters'{fieldID = FieldId, curve = PCurve, base = Base, order = Order, cofactor = CoFactor }) ->
Field = {pubkey_cert_records:supportedCurvesTypes(FieldId#'OTPFieldID'.fieldType),
FieldId#'OTPFieldID'.parameters},
- Curve = {list2int(PCurve#'Curve'.a), list2int(PCurve#'Curve'.b), none},
+ Curve = {erlang:list_to_binary(PCurve#'Curve'.a), erlang:list_to_binary(PCurve#'Curve'.b), none},
{Field, Curve, erlang:list_to_binary(Base), Order, CoFactor};
ec_curve_spec({namedCurve, OID}) ->
pubkey_cert_records:namedCurves(OID).
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 0744ef4180..338319ab9e 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -429,10 +429,8 @@ key_exchange(client, _Version, {srp, PublicKey}) ->
key_exchange(server, Version, {dh, {PublicKey, _},
#'DHParameter'{prime = P, base = G},
HashSign, ClientRandom, ServerRandom, PrivateKey}) ->
- <<?UINT32(_), PBin/binary>> = crypto:mpint(P),
- <<?UINT32(_), GBin/binary>> = crypto:mpint(G),
- ServerDHParams = #server_dh_params{dh_p = PBin,
- dh_g = GBin, dh_y = PublicKey},
+ ServerDHParams = #server_dh_params{dh_p = int_to_bin(P),
+ dh_g = int_to_bin(G), dh_y = PublicKey},
enc_server_key_exchange(Version, ServerDHParams, HashSign,
ClientRandom, ServerRandom, PrivateKey);
@@ -452,12 +450,10 @@ key_exchange(server, Version, {psk, PskIdentityHint,
key_exchange(server, Version, {dhe_psk, PskIdentityHint, {PublicKey, _},
#'DHParameter'{prime = P, base = G},
HashSign, ClientRandom, ServerRandom, PrivateKey}) ->
- <<?UINT32(_), PBin/binary>> = crypto:mpint(P),
- <<?UINT32(_), GBin/binary>> = crypto:mpint(G),
ServerEDHPSKParams = #server_dhe_psk_params{
hint = PskIdentityHint,
- dh_params = #server_dh_params{dh_p = PBin,
- dh_g = GBin, dh_y = PublicKey}
+ dh_params = #server_dh_params{dh_p = int_to_bin(P),
+ dh_g = int_to_bin(G), dh_y = PublicKey}
},
enc_server_key_exchange(Version, ServerEDHPSKParams,
HashSign, ClientRandom, ServerRandom, PrivateKey);
@@ -1791,3 +1787,7 @@ handle_srp_extension(undefined, Session) ->
Session;
handle_srp_extension(#srp{username = Username}, Session) ->
Session#session{srp_username = Username}.
+
+int_to_bin(I) ->
+ L = (length(integer_to_list(I, 16)) + 1) div 2,
+ <<I:(L*8)>>.
diff --git a/lib/ssl/test/erl_make_certs.erl b/lib/ssl/test/erl_make_certs.erl
index c32ca6dd1f..723ccf4496 100644
--- a/lib/ssl/test/erl_make_certs.erl
+++ b/lib/ssl/test/erl_make_certs.erl
@@ -409,7 +409,7 @@ int2list(I) ->
binary_to_list(<<I:(L*8)>>).
gen_ec2(CurveId) ->
- {PrivKey, PubKey} = crypto:generate_key(ecdh,CurveId),
+ {PrivKey, PubKey} = crypto:generate_key(ecdh, CurveId),
#'ECPrivateKey'{version = 1,
privateKey = int2list(PrivKey),